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ABSTRACT 


The  Internet  has  undergone  a  tremendous  growth  in  the  past  decade.  After  the 
evolution  of  Personal  Computers  and  the  radical  decrease  of  their  prices,  people  have  the 
ability  to  access  all  the  massive  information  that  only  the  Internet  and  the  World  Wide 
Web  can  provide.  One  of  the  factors  that  boosted  this  ability  was  the  evolution  of  the 
Web  Servers.  Using  the  web  server  technology  man  can  be  connected  and  exchange 
information  with  the  most  remote  places  all  over  the  world.  So,  the  web  can  be  thought  as 
a  mass  medium.  This  study  will  provide  the  necessary  information  required  to  configure  a 
Web  Server  within  the  boundaries  of  an  academic  Intranet.  It  will  also  serve  as  an 
example  for  both  Greek  and  US  DoDs  or  other  organizations  seeking  to  implement  a 
Web  Server  as  an  improvement  to  their  existing  Servers. 
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I.  INTRODUCTION 

The  World  Wide  Web  (www)  and  the  Internet  generally  are  not  inventions  of  the 
last  decade.  Their  history  dated  from  the  early  70's  when  it  started  as  ARPANET 
(Advanced  Research  Projects  Agency  Network),  a  military  wide  area  network  for  the  US 
DOD.  During  the  ARPANET  projects,  packet  switching  and  a  new  communications 
protocol  suite  were  developed:  The  Transmission  Control  Protocol/  Internet  Protocol, 
widely  known  as  TCP/IP. 

During  those  years,  only  Government  facilities,  University  campuses  and  large 
corporations  used  mainframes,  minicomputers,  or  supercomputers  to  run  their 
applications.  However,  the  evolution  of  Personal  Computers  (PC's)  in  the  early  eighty's 
has  boosted  web  activities  to  the  business  and  public  sectors.  This  development  combined 
with  the  significant  reduction  of  PC  prices  provided  people  with  greatly  enhanced 
computing  power.  This  fact  was  combined  with  a  tremendous  increase  in  computer 
performance,  which  started  primarily  in  the  past  decade.  In  addition,  the  evolution  of 
land-based  and  satellite  telecommunication  provided  access  to  this  increased  computing 
power  through  the  Internet  on  a  worldwide  basis. 

One  of  the  crucial  factors  that  supported  this  ability  was  the  evolution  of  web 
servers.  Through  this  technology,  people  can  connect  to  and  exchange  information  with 
most  remote  locations.  Today,  computers  and  the  Internet  can  be  thought  of  as  a  mass 
medium  for  communication  among  the  people;  in  few  years  in  will  be  as  necessary  as  the 


telephone  is  today.  One  current  use  of  the  Internet  is  for  IP  Telephony,  which  can  deliver 
voice,  fax,  or  video  packets  in  a  dependable  flow  to  the  user.  So,  the  replacement  of 
conventional  telephony  with  IP  may  occur  in  the  near  future. 

Furthermore,  web  technology  is  now  radically  transforming  the  traditional  way  of 
doing  business.  E-commerce  is  the  present  and  the  future  way  of  doing  business,  selling 
any  kind  of  items  from  software  to  agricultural  products.  "Friction  Free  economy  theory" 
as  described  by  Naval  Postgraduate  School  (NPS)  Professor  Ted  Lewis  [Ref.l],  resets 
Adam  Smith's  and  Maynard  Keynes'  economic  theories,  at  the  speed  of  the  Internet.  So, 
the  Internet  is  pervasive  and  whoever  ignores  this  fact,  will  soon  fall  behind  and 
eventually  disappear  from  the  "business  decision  chessboard". 

Web  technology  is  used  by  many  organizations,  institutions  and  business 
corporations.  Among  them  is  the  Naval  Postgraduate  School.  The  use  of  the  Internet  is 
necessary  for  both  faculty  and  students.  Classes,  notes,  assignments,  presentations,  and 
other  sources  of  information  about  a  course  or  an  academic  issue  can  be  placed  on  a  web 
site.  Everyone  who  has  a  connection  to  the  Internet  can  access,  browse,  copy  or  print 
anything  that  the  user  needs.  E-mail  is  widely  used  and  is  one  of  the  primary  means  of 
exchanging  ideas  and  assignments. 

The  implementation  of  public  web  sites  requires  configuration  of  a  program, 
called  a  web  server,  which  has  to  be  installed  on  a  publicly  accessible  computer.  A  web 
server  is  a  program  that  runs  under  a  designated  machine  and  operating  system  for 


making  documents  available  to  Internet  visitors  through  a  web  browser.  A  web  browser  is 
a  client  program  that  provides  a  way  to  view  and  interact  with  information  on  a  web 
server.  By  visiting  a  web  site,  we  can  see  a  large  variety  of  web  pages.  Some  of  the  most 
well-known  and  widely  used  browsers  are  Microsoft's  Internet  Explorer  and  Sun's 
Netscape  Navigator. 

Thus,  through  a  thorough  study  of  web  server  technology,  and  after  considering 
the  advantages  and  the  disadvantages  of  each  case,  this  thesis  will  define  which  solution 
is  most  appropriate  in  configuring  a  web  server  of  an  academic  intranet. 
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II.         WEB  SERVER  TECHNOLOGY 

A  web  server  is  a  system  that  combines  hardware  and  software  with  the  mission 
to  provide  information  to  clients.  This  system  receives  requests  for  information  from  a 
client  via  the  Internet  and  after  processing  these  requests  and  checking  their  validity, 
retrieves  or  generates  the  desired  information  and  transmits  it  back  to  the  client.  A  web 
server  utilizes  the  client/server  model  and  the  World  Wide  Web's  Hypertext  Transfer 
Protocol  (HTTP)  provides  web  pages  to  users.  Every  computer  on  the  Internet  that 
contains  a  web  site  must  have  a  web  server  or  alternatively  the  web  site  files  must  be 
uploaded  to  a  computer  that  has  a  web  server. 

The  factors  that  have  significant  impact  on  a  web  site  performance  are  the 
hardware  that  hosts  the  server,  the  operating  system  under  which  it  runs,  and  the  web 
server  software.  After  thorough  research  on  the  Naval  Postgraduate  School  campus,  forty 
web  servers  were  found  to  be  in  operation.  Appendix  A,  contains  information  about  them 
and  Appendix  B  contains  a  web  server  baseline  assessment. 

A.        NETWORK  PROTOCOLS 

A  necessary  part  of  the  technology  required  to  setup  an  Internet  or  Intranet 
environment  in  a  company  is  to  select  a  specific  protocol  for  use  on  the  corporate 
network.  The  protocol  that  is  widely  used  for  Internet  technologies  is  known  as  the 
Transmission  Control  Protocol  /Internet  Protocol  or  TCP/IP.  This  protocol  can  operate  on 
Ethernet  or  Token  Ring  Local  Area  Networks  (LANs),  on  various  Wide  Area  Networks 
(WANs),  and  even  over  standard  telephone  lines  that  are  connected  to  a  modem.   UNIX 


systems  have  implemented  TCP/IP  as  a  standard  feature.  Smaller  systems  like  Windows 
9x  and  NT  have  TCP/IP  built  into  their  operating  system. 

Mainframes  also  use  TCP/IP  in  conjunction  with  proprietary  networking 
protocols.  Some  examples  are  IBM's  SNA  and  DEC's  DECnet. 

B.         HARDWARE  PLATFORMS  FOR  WEB  SERVERS 

Regarding  hardware,  there  are  three  main  categories  in  which  web  servers 
"reside".  These  include:  1)  UNIX  systems  like  Sun,  Silicon  Graphics,  IBM,  and  or  HP 
2)  Windows  based  systems  that  can  utilize  Intel,  RISC  technology.  Alpha,  AMD  or 
Cyrix  processors,  and  3)  Apple's  Macintosh  systems  that  use  Motorola  68x,  or  PowerPC 
processors.  The  UNIX  operating  systems,  such  as  LINUX,  Sun  OS,  Solaris,  HP/UX, 
IBM/AIX  and  IRIX  are  primarily  used  in  large  systems,  while  smaller  systems  like  PCs 
run  under  Microsoft's  Windows  9x,  NT  or  Windows  2000  operating  systems.  In 
Appendix  C,  there  is  a  suggested  configuration  for  a  PC/Windows  9x-NT  platform. 

For  web  server  software,  it  was  observed  that  larger  systems  use  Apache  and 
Netscape's  Enterprise  Server  while  the  smaller  systems  primarily  used  Microsoft's 
Internet  Information  Server  (IIS)  web  server.  Of  course,  there  are  some  other 
combinations  of  hardware  platforms,  operating  systems  and  web  server  software. 

Web  servers  often  come  as  part  of  a  larger  package  of  Internet-  and  intranet- 
related  programs  for  serving  e-mail  (e-mail  servers),  files  (ftp  servers),  and  building  and 
publishing  web  pages  (web  publishers).  Considerations  in  choosing  a  web  server  include: 


how  well  it  works  with  the  operating  system  (that  runs  in  a  specific  computer)  and  other 
servers,  its  ability  to  handle  server-side  programming  and  publishing,  search  capabilities, 
and  web  site  construction  tools  that  may  be  included. 

C.        WEB  SERVER  SOFTWARE  SOLUTIONS 

The  software  to  be  used  for  a  web  server  is  closely  related  with  the  hardware 
platform  that  will  host  the  web  server.  We  can  divide  this  software  in  two  main 
categories:  UNIX/LINUX  based  machines  and  the  Windows  9x-NT  machines. 

1.     Unix-Linux  Based  Web  Servers 

Web  servers  with  heavy  traffic  require  machines  that  are  usually  running  under 
Unix-Linux  operating  Systems.  The  most  popular  web  server  is  Apache,  an  open  source 
web  server  that  is  free  [Ref.2].  Apache  is  available  for  both  32-bit  Windows  and  UNIX- 
LINUX  based  operating  systems,  (see  Figure  1) 


^F^VEIF^      PROJ  ECT 


Figure  1 :  Apache  Web  Server  Logo 

2.     Pc/Windows  9x-XT  Based  Web  Servers 

For  relatively  light  to  medium  traffic  on  a  web  site,  Microsoft  provides  Internet 
Information  Server  (IIS).  IIS  is  bundled  with  Windows  NT  server.  For  PC's  that  use 
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Windows  9x/2000  as  their  operating  systems,  there  is  a  special  version  of  IIS  called 
Personal  Web  Server  (PWS)  [Ref.3]  (see  Figure  2.).  Netscape  offers,  its  Fast  Track  and 
Enterprise  servers.  If  the  web  site  is  expecting  to  have  heavy  traffic,  O'Reilly's  WebSite 
[Ref.4]  (see  Figure  3).  Smart  desk  Personal  Web  Server,  Imatix  Xitami  [Ref.5]  and  Sun's 
Java  web  Server  are  some  of  the  solutions  that  can  handle  the  load  effectively.  All  of 
these  web  servers  can  be  downloaded  for  free  from  the  Internet. 
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Figure  2:  Microsoft's  Personal  Web  Server  (PWS)  Main  Window 
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Figure  3:  O'Reilly's  Website  Professional  Server  Properties  Page 


3.     Windows  2000  Based  Web  Servers 

Another  solution  for  the  enterprises  that  wish  to  upgrade  from  Windows  NT  based 
Internet  Information  Server  (IIS)  version  4.0,  is  the  latest  version  IIS  V.5.0.  This  version 
is  included  with  Microsoft  2000  Server  editions.  IIS  5.0  is  a  high  performance  web  server 
containing  many  improvements  compared  with  the  previous  IIS  versions.  Its  first 
characteristic  is  the  smaller  size  (about  30  MB)  of  the  files.  In  addition,  IIS  v  5.0  provides 
performance  application  protection,  security  enhancements.  Furthermore,  it  supports 
many  standards  such  as  Fortezza  (a  new  D.O.D  security  standard).  Transport  Layer 
security  (using  SSL  v  3.0),  Digest  Authentication  (a  method  of  hashing  authentication 
information  introduced  in  Internet  explorer  5.0)  and  Kerberos  v  5.0  authentication 
protocols  that  are  used  in  Windows  2000.  Finally,  IIS  v5.0  features  Web  based 
Distributed  Authoring  and  Versioning  (WebDAV),  which  is  a  standard  designed  to 
simplify  the  construction  of  intranets  and  provide  the  ability  for  multiple  users  to  publish 
documents  to  a  common  Web  server. 

On  the  other  hand,  there  are  some  cons  such  as  the  lack  of  a  Unix  version,  and  the 
lack  of  documentation  on  the  newest  features.  In  addition,  IIS  runs  only  on  the  Server 
edition  of  Windows  2000  and  the  remote  Web-based  administration  is  still  somewhat 
lacking.  [Ref.6] 

D.         WEB  BROWSER  SOFTWARE 

A  web  browser  is  a  program  that  is  used  to  view  the  web  pages  that  exist  on 
various  web  sites.  The  types  of  computing  platforms  we  use  can  influence  the  selection  of 
an  appropriate  browser.  So,  first  we  have  to  check  the  operating  systems  that  run  under 


the  respective  hardware  platforms  and  the  versions  we  need.  Another  characteristic  to 
consider  is  the  browsers' Java-capability.  The  most  widely  used  web  browsers  are  Sun's 
Netscape  Navigator  (see  Figure  4),  and  Microsoft's' Internet  Explorer  (see  Figure  5). 
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Figure  4:  Netscape  Navigator 
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Figure  5:  Internet  Explorer 
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E.         OTHER  WEB  SERVERS 

Novell's  offers  a  web  server  for  users  of  its  NetWare  operating  system  and  IBM's 
family  of  Lotus  Domino  servers  are  used  primarily  for  IBM's  OS/390  and  AS/400 
mainframe  computer  customers.  These  web  servers  are  used  to  handle  high  volume 
needs. 


In  the  world  of  unique,  there  is  the  Matchbox  web  server,  which  is  the  smallest 
web  server,  ever  created.  This  server  runs  on  a  single-board  AMD  486-SX  computer  with 
a  66  MHz  CPU,  utilizes  16  MB  RAM.  and  16  MB  flash  ROM,  which  is  big  enough  to 
hold  an  adequate  amount  of  the  Red  Hat  5.2  Linux  operating  system,  including  the  HTTP 
daemon  that  runs  the  web  server.  It  communicates  with  the  outside  world  via  two  serial 
ports,  a  printer  port,  and  a  connector  for  a  floppy  drive.  It  measures  2.8"  x  1.8"  for  an  area 
of  5  square  inches.  Being  0.2"  thick,  this  makes  the  volume  one  cubic  inch  (16  cc's).  It 
weighs  3/4  oz  (20  grams).  This  server  was  constructed  in  the  Wearable  Computing 
Laboratory  at  Stanford  University  [Ref.7]  (see  Figure  6). 


Fisure  6:  The  Matchbox  Web  Server 
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F.       HOW  A  WEB  SERVER  WORKS 

Generally  speaking,  a  server  is  a  computer  program  that  provides  services  to  other 
computer(s)  (see  Figure  7). 


Request  HTML  page  from  server 
► 


Send  an  HTML  page  to  client    j 
Client  Server 

Fisure  7:  Client/Server  Programming  Model 


In  the  client/server  programming  model,  a  server  is  a  program  that  awaits  and 
fulfills  requests  from  client  programs  in  the  same  or  other  computers.  A  given  program 
(application)  in  a  computer  may  run  as  a  client  which  requests  services  from  other 
programs  and  as  a  server  of  requests  from  other  programs. 

For  our  purposes,  a  web  server  responds  to  requests  for  HTML  pages.  A  page  is 
the  basic  unit  of  information  transfer  on  the  web,  although,  the  user  can  request  a 
download  of  a  file.  A  web  client  is  the  requesting  program  associated  with  the  user.  The 
web  browser  (i.e.  Netscape  Navigator  or  Internet  Explorer)  in  our  computer  is  a  client 
that  requests  HTML  pages  from  web  servers. 
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III.         OVERVIEW  OF  A  WEB  SERVER 

A.        WEB  SERVER  CHARACTERISTICS 

1.     Factors  that  Affect  the  Choice  of  a  Web  Server 

Generally,  all  web  servers  perform  the  function  of  delivering  a  document  to  a 
client(s)  when  the  document's  web  address  (or  to  be  more  specific,  the  Uniform  Resource 
Locator  (URL))  is  requested. 

Web  servers  have  many  capabilities.  Common  features  include  the  ability  to  log 
accesses  to  files  or  databases,  execute  applets  that  may  be  written  in  languages  like  Java 
or  JavaScript,  execute  server  side  scripts  and  process  "clickable"  image  maps.  Security 
features  typically  allow  a  web  site  administrator  to  restrict  a  portion  of  the  document  tree 
to  authorized  users.  Since,  most  sites  are  usually  limited  by  the  speed  of  their  network 
connection,  the  performance  of  a  web  server  (with  only  few  exceptions)  should  not  be  a 
major  factor  in  the  choice  of  our  web  server.  Of  course,  a  crucial  factor  is  the  size  of  the 
documents,  imaaes  or  other  files  that  well  be  serving- 

Another  critical  issue  in  the  choice  of  a  web  server  is  the  operating  system  that  the 
hardware  platform  will  use.  Some  of  the  options  offered,  include  the  Unix  family  of 
operating  systems,  Windows  9x  or  NT  or  2000  and  Apple's  OS.  All  of  these  have 
advantages  and  disadvantages,  but  they  all  support  the  TCP/IP  protocol,  which  is 
essential  for  the  operation  of  a  web  server. 


2.  Overview  of  a  Personal  Web  Server 

As  previously  mentioned,  a  personal  web  server  is  a  program  that  can  turn  a 
personal  computer  into  a  web  server.  Generally  speaking,  what  ever  is  personal  is 
something  not  in  large  scale  or  size.  So.  a  personal  web  server  covers  the  needs  of  an 
individual  or  a  small  business.  The  use  of  such  kind  of  web  server,  provides  us  with  some 
advantages  and  but  there  is  also  some  limitations  that  we  must  keep  in  mind. 

3.  Advantages  of  Using  Personal  Web  Servers 

The  first  advantage  is  the  ability  to  maintain  our  own  log  files.  This  feature  sives 
us  information  about  our  web  site  traffic  and  data  of  each  visitor.  In  addition,  our  site  can 
function  as  a  simple  FTP  server  by  allowing  users  "  browse  directory".  This  method  helps 
the  visitors  of  our  site  to  browse  folders  and  access  publicized  files  faster  than  if  we  put 
them  in  web  pages.  Finally,  ease  of  use  and  simplicity  is  very  essential  for  non- 
experienced  developers  in  order  to  develop  an  entry-level  web  server. 

4.  Limitations  of  Personal  Web  Servers 

Personal  web  servers  are  made  for  serving  a  limited  volume  of  web  traffic.  This 
primarily  means  that  they  can  efficiently  handle  only  five  to  ten  visitors  simultaneous 
connections.  So,  if  we  expect  higher  traffic,  more  robust  web  server  will  be  required. 
Microsoft's  Internet  Information  Server  (IIS)  or  Apache's  web  server  are  common 
solutions  in  high  traffic  cases. 
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B.         WEB  CLIENT  CHARACTERISTICS 

Recall  from  Chapter  II  that  a  web  browser  (i.e.  Netscape  Navigator  or  Internet 
Explorer)  plays  the  role  of  a  client  that  requests  HTML,  pages  from  web  servers.  There 
are  a  wide  variety  of  web  browsers  available  for  use  today.  Some  Internet  Service 
Providers  (ISP's)  such  as  America  on  Line  (AOL)  offer  web  browsers  along  with  their 
connection  software  package.  Nevertheless,  the  largest  slice  of  the  web  browser  market 
belongs  primarily  to  two:  Microsoft  Internet  Explorer  and  the  Netscape  Navigator. 

Internet  Explorer  (EE)  is  the  web  browser  that  Microsoft  offers  with  Windows  95 
or  98.  The  latest  version  of  IE  is  5.5.  is  bundled  with  Windows  2000  Professional,  but  can 
also  be  downloaded  for  free  from  the  Microsoft's  web  site.  Sun  Microsystems,  offers 
Netscape  Navigator.  Navigator  is  the  browser  component  of  thve  Netscape 
Communicator  software  package  that  contains  several  other  tools,  such  as  Messenger 
(email)  and  Composer  (web  page  editing).  The  latest  version  is  4.77  can  also  be 
downloaded  for  free  from  Sun's  web  site. 

Both  EE  5.5  and  Netscape  Navigator  are  excellent  browsers  and  offer  many  tools 
to  their  users.  They  have  a  lot  in  common  and  do  almost  the  same  job  using  different 
methods.  The  evaluation  of  these  two  web  browsers  is  beyond  of  the  scope  of  this  thesis. 
Nevertheless,  the  major  difference  is  the  way  they  handle  email.  Because,  EE  5.5  does  not 
incorporate  any  mailing  program,  Microsoft  offers  (together  with  Windows  9x  or  2000)  a 
specialized  email  handling  program  called  Outlook  Express  (see  Figure  8).  On  the  other 
hand,  Netscape  Messenger  is  an  email  client  included  in  the  Netscape  Communicator 

package  (see  Figure  9). 
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Figure  8:  Microsoft  Outlook  Express  5.0 
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Figure  9:  Netscape  Messenger 
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C.         WEB  SITE  DEVELOPER  TOOL  CHARACTERISTICS 

A  web  server  can  manage  one  or  more  web  sites.  Every  web  site  consists  of  one 
or  more  web  pages.  For  the  educational  purposes  of  this  thesis,  I  developed  a  web  site 
named  NPS  Student  Information  Center  (XPSSIC).  This  web  site  has  a  welcome  page 
that  offers  two  choices:  An  English  site  and  a  Greek  one.  The  welcome  pages  of  this  site 
are  shown  on  Appendix  D. 

Microsoft  Front  Page  2000  was  used  to  develop  the  necessary'  web  pages  (see 
Figure  10).  This  software  tool,  which  provides  flexibility  and  multiple  features,  proved  to 
be  very  handy  and  useful.  The  resemblance  with  the  other  Microsoft  applications  such  as 
Microsoft  Word  and  the  user-friendlv  environment  gives  Front  Page  2000  an  advantage 
over  the  other  web  page  developing  tools.  Recently,  Microsoft's  Front  Page  2000  was 
rated  as  an  editor's  choice  for  novice  users  who  want  to  design  simple  web  sites  [Ref.S]. 
For  the  advanced  users  who  wish  to  design  an  advanced  site  editor's  choice  went  to 
Macromedia's  Dreamweaver  3  [Ref.8]. 

Front  Page  2000  has  the  ability  to  edit  different  kinds  of  web  pages  like  HTML 
format  (.htm),  Cascading  Style  Sheet  (.ess)  format  or  Active  Sever  Pages  (.asp)  format. 
ASP  is  a  server-side  scripting  language.  This  means  that  ASP  code  is  first  processed  at 
the  server  and  then  it  is  sent  to  the  web,  while  HTML  pages  are  processed  by  the  client 
(web  browser).  This  ASP  characteristic  gives  additional  security  to  our  web  pages, 
because  we  can  write  code  that  will  never  be  viewed  from  a  web  browser. 
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Figure  10:  Microsoft  Front  Page  2000 

In  addition,  Microsoft  FrontPage  provides  the  following  support  that  let  us  take 
the  advantage  of  advanced  Web  browser  technology  [Ref.9]: 

1.  ActiveX  controls 

ActiveX  controls  are  software  components  that  we  can  reuse  and  insert  in  our  web 
pages  in  order  to  produce  multimedia  effects,  pop-up  menus,  interactive  menus,  and  other 
sophisticated  applications.  These  controls  can  be  written  in  a  variety  of  modem 
programming  languages  such  as  Java,  C++  and  Visual  Basic. 

2.  Java  Applets 

Java  applets  are  like  the  ActiveX  controls  that  are  written  in  Java  programming 
language.  These  applets  can  provide  dynamic  elements  and  interactive  characteristics  on 
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Web  pages.  Thus,  when  we  browse  a  web  page  that  contains  a  Java  applet,  its 
components  are  downloaded  and  executed  at  a  run  time,  only  for  that  browsing  session. 

3.  Web  Browser  Plug-ins 

Plug-ins  are  small  software  pieces  that  can  extend  the  functionality  of  a  web 
browser.  Using  plug-ins  we  can  make  our  browser  capable  of  handling  specific  file  types 
like  image  files,  sound  files  or  animation  files.  Plug-ins  are  supported  by  Internet 
Explorer  4.0  or  later. 

4.  Scripts 

Scripts  are  pieces  of  programming  code  that  we  can  add  to  web  pages  for  Web- 
based  solutions  development.  Using  scripts  we  can  handle  page  elements  without 
knowing  the  details  of  HTML  code. 

5.  Secure  Socket  Layer 

Another  useful  feature  of  Microsoft  FrontPage  2000,  that  is  not  only  useful  but 
also  necessary  for  the  electronic  commerce,  is  Secure  Socket  Layer  (SSL).  SSL  is  an 

open  standard  that  was  designed  to  prevent  hackers  to  intercept  private  or  sensitive 
information  (such  as  bank  account  numbers,  credit  card  numbers  or  social  security 
numbers)  sent  over  a  network  or  through  the  Internet.  Using  SSL  our  web  browser 
encrypt  its  communication  with  a  web  server. 

FrontPage  can  take  advantage  of  SSL  in  the  following  ways: 

•    Communicate  securely  between  the  client  and  the  web  server. 
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•    Create  secure  hyperlinks  in  our  web  pages.  Secure  hyperlinks  are  indicated 
by  https://  instead  of  the  http://  before  the  URL  or  the  Internet  address  of  the 
web  server  and  the  target  page. 
Web  servers  that  support  the  SSL  standard  include  Microsoft  IIS.  Netscape 
Enterprise  Server,  O'Reilly  WebSite  Professional  and  Stronghold  Web  Server.  Since  SSL 
feature  is  not  enabled  bv  default,  we  have  to  check  it  in  order  to  activate  it. 
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IV.       WEB  SITE  DEVELOPMENT 

A.  INTERNET  CONNECTION 

When  we  consider  the  construction  of  our  web  site  the  first  problem  to  be 
resolved  is  the  Internet  connection  that  this  site  will  utilize.  First,  we  could  install  it  on  a 
web  server  provided  by  an  Internet  Service  Provider  (ISP).  Second,  we  could  host  a  web 
server  on  an  ISP  site.  Finally,  we  could  install  a  high-speed  Internet  connection  (i.e.  DSL) 
that  will  be  dedicated  for  use  from  our  web  server.  Each  of  the  previously  mentioned 
solutions  has  advantages  and  disadvantages.  The  factors  that  must  be  taken  into 
consideration,  in  order  to  achieve  the  highest  performance  with  the  lowest  budget, 
include: 

•  The  type  and  the  source  of  information  that  our  web  site  will  be  serving, 

•  The  amount  of  traffic,  which  will  be  generated. 

•  The  Internet  connectivity  that  is  in  place  within  the  organization. 

B.  LOCATION  OF  THE  WEB  SERVER 

In  choosing  the  location  of  our  web  server,  we  must  consider  the  following  four 
main  connecting  options: 

•  The  first  is  to  connect  it  on  an  Intranet  or  a  LAN  without  a  firewall, 

•  The  next  is  our  server  will  be  connected  to  stubnet, 

•  The  third  is  it  inside  an  Intranet  or  a  LAN  and  inside  a  firewall, 

•  The  last  is  to  connect  it  outside  an  Intranet  or  a  LAN  and  out  side  a 
firewall. 

21 


All  the  above  options  have  their  pros  and  cons  and  we  have  to  decide  having  as 
criteria,  the  above-described  factors.  Firewalls  are  systems  that  protect  our  servers  from 
outer  attacks.  They  are  described  in  more  detail  below  in  the  paragraph  named  "WEB 
SERVER  SECURITY". 

1.     Connecting  the  Server  on  a  LAN  or  Intranet 

Putting  our  web  server  inside  a  local  area  network  or  an  Intranet  (see  Figure  11) 
could  provide  us  with  some  advantages,  but  we  would  have  some  limitations  too. 
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Figurel  1 :  A  Web  Server  Inside  a  Local  Area  Network  (LAN)  [Ref.  13] 


In  this  case  we  connect  our  server  (as  the  rest  of  the  LAN  computers),  directly  to 
the  hub,  the  hub  is  connected  to  the  router,  which  in  tum  is  directly  connected  to  the 
Internet  Service  provider. 

a.     Positives 

Installing  our  web  server  inside  a  Local  Area  Network  could  provide  us 
higher  security.  Security  can  be  provided  by  a  proxy  server  (firewall),  which  protects  all 
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the  LAN  computers  from  possible  attacks.  Furthermore,  we  will  have  faster  access  to  the 
Internet  using  the  high-speed  routers  that  the  network  utilizes. 

b.       Negatives 

First,  we  are  not  fully  independent  to  do  what  we  like  and  we  have  to  comply 
with  the  security  or  other  regulations  of  the  LAN  administrator.  Second,  any  problem  that 
shuts  down  the  LAN  will  bring  down  our  web  server  while  the  problem  exists.  Finally, 
we  may  be  obligated  to  choose  the  same  hardware  and  software  used  by  the  other  LAN 
computers. 

2.     Connecting  the  Server  to  a  Stubnet 

A  stubnet  is  actually  a  subnet  with  few  connected  computers.  The  rest  of  the  LAN 
can  be  connected  to  the  Internet,  as  previously  mentioned  (see  Figure  12). 
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Figure  12:  A  Web  Server  Connected  to  a  Subnet  [Ref.13] 
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The  device  that  appears  in  Figure  12,  used  to  join  individual  subnets  to  the 
Internet  (via  a  router)  is  a  switch  but  it  can  also  be  a  bridge.  A  bridge  is  used  to  separate 
two  or  more  local  networks.  It  can  pass  traffic  between  the  networks,  based  on 
knowledge  about  which  hosts  are  on  which  interface  on  the  bridge. 

a.  Positives 

Since  the  web  server  is  isolated  from  the  other  LAN(s),  the  performance  of 
both  the  web  server  and  the  LAN(s)  can  be  improved. 

b.  Negatives 

Installing  our  web  server  outside  a  Local  Area  Network  security  environment 
is  more  vulnerable  to  possible  attacks. 

3.     The  Server  is  Inside  an  Intranet  or  a  LAN  and  Inside  a  Firewall 

When  we  put  our  web  server  inside  a  LAN  (see  Figure  13),  which  is  connected  to 
a  firewall  system,  we  have  to  configure  the  firewall  in  order  to  allow  the  HTTP  traffic 
that  is  forwarded  to  and  from  our  server. 
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Figure  13:  A  Web  Server  Connected  Inside  an  Intranet  or  a  LAN  and  Inside  a  Firewall 
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Of  course,  using  this  topology  can  be  a  considerable  security  risk.  The  solution 
to  this  issue  is  to  use  a  proxy  HTTP  server  in  our  firewall  system.  The  proxy  server 
blocks  the  direct  access  to  the  LAN  and  our  server.  When  a  proxy  server  receives  a 
request  from  the  Internet,  it  contacts  the  web  server  and  retrieves  the  requested  web  page. 
Since,  most  of  proxy  servers  provide  caching,  then  the  web  pages  that  have  been  recently 
accessed  are  stored  on  the  proxy  server  and  proxy's  sole  responsibility  is  to  check  if  the 
file  that  in  cache  and  the  file  that  is  in  the  server  are  identical.  If  they  are  different,  it 
retrieves  a  copy,  it  places  it  to  its  cache  and  sends  it  to  the  user  who  requested  it 
otherwise  it  sends  the  cached  copy. 

a.  Positives 

Using  caching  techniques,  the  performance  of  our  server  can  be  high.  In 
addition,  possible  attacks  can  reach  only  the  cached  web  pages  and  files  located  on  our 
web  server  or  on  LAN  computers  remain  untouched. 

b.  Negatives 

This  solution  is  more  complex  and  simultaneously  more  expensive,  because  it 
demands  more  hardware  and  software. 

4.     Server  is  Placed  Outside  a  LAN  and  Outside  of  a  Firewall 

The  final  alternative  is  to  connect  our  web  server  directly  to  the  Internet  and 
outside  a  firewall  (see  Figure  14).  This  topology  allows  bypassing  the  complexity  of  the 
previous  solution  and  provides  us  with  higher  level  of  freedom  and  functionality.  So,  we 
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have  absolute  control  of  the  web  server.  Furthermore,  we  avoid  the  traffic  that  leads  to 
and  from  the  LAN. 
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Figurel4:  A  Web  Server  Connected  Outside  the  Internet  or  a  LAN  and  outside  a  Firewall 

a.  Positives 

Installing  our  web  server  outside  inside  a  Local  Area  Network  we  can  have 
complete  control  over  the  server.  In  this  case  we  connect  our  PC  directly  to  the  Internet. 
You  can  choose  the  combination  of  hardware  and  software  that  provides  the  features  that 
you  want.  Set  up  access  control  and  security  restriction 

b.  Negatives 

The  price  of  independence  is  balanced  by  security  problems  that  can  be 
encountered  by  possible  attacks  cf  some  hackers. 

C.        CHOOSING  THE  RIGHT  HARDWARE  AND  SOFTWARE 
1.     Hardware 

The  platform  that  will  be  used  is  a  crucial  factor  that  will  also  influence  the 
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software  to  be  used.  The  higher  the  performance  of  our  machine  is  the  better  the  results 
of  our  web  server  will  be.  Of  course,  we  have  to  bear  in  mind  that  the  crucial  factor  that 
will  affect  our  decision  in  choosing  the  right  hardware  is  the  level  of  our  business  or 
organization.  This  means  that  if  our  business  is  relatively  small,  it  would  be  waste  of 
money  to  purchase  very  expensive,  high-end  machines  in  order  to  cover  a  low  traffic  web 
server  needs. 

For  the  purpose  of  this  thesis,  we  will  experiment  with  two  web  servers  and  install 
one  server  in  a  personal  computer  with  a  Pentium  200  MMX  CPU  and  82  MB  of  RAM 
and  a  second  in  a  personal  computer  with  a  Pentium  233  MMX  CPU  and  64  MB.  The 
operating  systems  will  be  Windows  2000  Professional  and  Windows  95  respectively.  In 
the  Pentium  200  PC  we  will  install  and  use  the  Internet  Information  Services  (IIS) 
version  5.0-web  server  and  in  the  Pentium  233  PC  will  utilize  Microsoft  Personal  Web 
Server  (PWS)  version  4.0. 

2.     Network  Models 

By-passing  the  previously  mentioned  topologies,  we  will  work  on  a  two  computer 
LAX.  Initially  Pentium  200  MHZ  PC  will  play  the  role  of  a  server  and  the  Pentium  233 
PC  the  role  of  a  client  (see  Figure  15).  Later  the  roles  will  be  reversed  and  the  Pentium 
233  will  play  the  role  of  the  server  and  the  Pentium  200  PC  the  role  of  a  client  (see 
Figure  16).  Both  PC's  will  form  a  small  peer-  to-peer  LAN  connected  by  coaxial  cable 
using  two  Ethernet  Cards. 
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Coaxial  cable 


Pentium200  as  a  web  server  (IIS  web  Pentium233mhz  as  a  web 

server),  sends  a  web  page  client,  requests  a  web  page 

Figure  15:  First  Web  Server/Client  Model 


Coaxial  cable 
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Pentium200  as  a  web  client  requests  Pentium233  as  a  web  server 

a  web  page  (Personal  web  server),  sends 

a  web  page 


Figure  16:  Second  Web  Server/Client  Model 


3.     Personal  Web  Server 
a.     Installation 

Personal  Web  Server  is  packaged  with  Microsoft  IIS  as  part  of  NT  4.0  option 
pack.  PWS  is  characterized  as  a  desktop  entry-level  web  server  specifically  suited  for 
Windows  9x-or  NT  Workstation  operating  system  users.  The  necessary  software  is  74.6 
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MB  and  can  be  downloaded  at  no  charge  from  Microsoft's  web  site  (see  Figure  17).  Once 
PWS  is  installed,  it  will  run  automatically  each  time  the  computer  starts.  The  only  sign 
that  shows  PWS'  activation  is  a  small  tray  icon  that  appears  at  the  right  side  of  the 
taskbar  (see  Figure  18). 
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Figure  17:  Setup  Page  of  Personal  Web  Server 
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Personal  Web  Server  is  running. 


Figure  18:  Icon  Activation  of  PWS 
b.     Features 

In  addition  to  web  server  capabilities.  Personal  Web  Server  kit  includes  the 
following: 

•  Transaction  Server 

•  Data  Access  Components 
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•  Message  Queue  Server  Client 

•  Easy  Administration 

We  can  run  the  PWS  by  accessing  the  default  web  page  and  checking  the  main 
page  of  the  server,  which  controls  the  function  of  the  server.  A  snapshot  with  some 
statistics  about  the  log  activity  (visitors  per  hour)  that  pentium233mhz  web  server  had.  is 
shown  on  Figure  19. 
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Figure  19:  Main  Page  of  Personal  Web  Server  (PWS)  Installed  in  the  Pentium233mhz  PC 

Another  alternative  for  users  running  Windows  2000  Professional,  is  to  activate 
Personal  Web  Manager  (PWM)  which  was  the  interface  of  Personal  Web  server  for  the 
users  of  Win  9x  or  NT  Workstation.  Personal  Web  Manager  occupies  1.4  Mbytes  and  is 
one  of  the  nine  components  of  IIS  v  5.0  (see  Figure  20).  Both  PWM  and  IIS  can  be 
activated  and  installed  following  the  sequence:  Control  Panel  -  Add/Remove  Programs- 
Add/Remove  Windows  Components. 
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ternet  Information  Services  (115} 


To  add  or  remove  a  component,  dick  the  check  box.  A  shaded  box  means  that  only  part 
of  the  component  will  be  instated.  To  see  what's  hcluded  in  a  component,  dick  Details. 

Subcomponents  of  Internet  information  Services  (I!S): 
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Figure  20:  Internet  Information  Services  (IIS)  Version.  5.0  Components 

The  advantages  and  disadvantages  of  the  Microsoft's  Personai  Web  Server  are 
similar  to  Personal  web  servers  and  are  listed  as  follows: 
c.     Advantages 

(1)  Using  PWS  we  have  the  ability  to  create  a  welcome  page  (home 
page).  The  welcome  page  is  the  first  page  that  a  user  sees  when  accessing  our  web  site 
and  provides  navigation  (links)  to  the  rest  of  our  site.  Nevertheless,  in  our  web  site 
development,  we  used  the  Microsoft's  Front  Page  2000  for  designing  not  only  the 
welcome,  but  the  entire  set  of  necessary  web  pages  as  well. 

(2)  PWS  includes  a  wizard  that  walks  you  through  setting  up  a  home 
page  and  sharing  files.  Personal  Web  Server  administrator  reduces  the  complexity  of 
running  a  Web  server.  Using  the  Personal  Web  Manager,  we  can  start  and  stop  the  server, 
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view  statistics  using  bar  charts,  and  easily  share  additional  directories  or  the  Windows 
Explorer. 

(3)  Personal  Web  Server  on  Microsoft  Windows  NT  Workstation  is  also 
ideal  for  developing  Web  applications  for  IIS.  Furthermore,  PWS  on  Windows  NT 
Workstation  includes  support  for  features  such  as  Active  Server  Pages  (.asp),  script 
debugging,  and  the  Internet  Service  Manager,  the  comprehensive  administration  tool  for 
IIS  integrated  into  Microsoft  Management  Console. 

(4)  We  can  also  develop  transactional  Web  applications  for  Microsoft 
Transaction  Server  (MTS),  another  part  of  Windows  NT  Server.  Personal  Web  Server  is 
a  great  platform  for  testing  a  site  before  hosting  it  on  a  company's  server,  or  on  an 
Internet  service  provider  (ISP).  So,  we  can  test  the  web  links,  forms,  scripts,  and 
applications  to  be  sure  they  will  be  displaying  and  working  properly  on  the  web. 
Moreover,  we  can  use  Microsoft's  FrontPage  to  easily  copy  a  web  site  developed  on 
PWS  and  switch  to  a  higher  performance  web  server  such  as  the  IIS. 

d.     Limitations 

Because  Personal  Web  Server  was  not  designed  to  support  high  volume  Web 
sites,  it  does  not  include  all  the  features  found  in  Internet  Information  Server,  such  as 
Microsoft  Site  Server  Express.  Index  Server,  and  Certificate  Server.  Due  to  its  limited 
capabilities  it's  ideal  for  testing  our  web  site  inside  a  relatively  small  Intranet,  before  we 
publish  it  to  the  Internet.  PWS  traffic  capabilities  are  limited  on  handling  8-10  clients 
simultaneously. 
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4.     Internet  Information  Service  (IIS)  5.0 

a.  Installation 

Internet  Information  Services  5.0  is  not  installed  on  Windows  2000 
Professional  by  default.  Before  we  install  it,  we  have  to  install  the  TCP/IP  Protocol  and 
Connectivity  Utilities.  For  security  purposes,  Microsoft  recommends  that  all  drives  used 
with  IIS  be  formatted  with  NTFS. 

We  start  the  installation  by  using  the  Add/Remove  Programs  application  in 
Control  Panel  and  then  to  choose  Add  /remove  Windows  Components.  IIS  v5.0 
consists  of  about  30  MB  of  files  that  need  approximately  10  minutes  to  be  installed  and 
configured.  When  we  upgrade  from  Windows  95/98  to  Windows  2000.  IIS  5.0  will  be 
installed  by  default  only  if  PWS  was  installed  on  your  previous  version  of  Windows. 
Some  other  improvements  are  that  we  don't  have  to  install  service  packs  and  reboot  our 
PC  once  we  finish  the  installation. 

b.  Features 

IIS  web  server  is  designed  for  heavy  traffic.  However,  if  we  know  in  advance 
the  numbers  of  the  expected  visitors  per  day  we  can  tune  the  server  properly  (see  Figure 
21).  If  we  don't  have  this  information,  the  best  solution  is  to  install  a  hit  counter  in  our 
welcome  web  page  and  together  with  the  log  activity  that  we  have  for  a  certain  period  in 
our  web  server  we'll  adjust  it  for  the  optimal  performance. 
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Figure  2 1 :  IIS  Performance  Tuning 


Using  IIS,  we  can  watch  log  activities  by  hour,  day,  week  or  month,  and  can 
limit  the  maximum  number  of  connections  permitted.  We  can  also  set  the  length  of  time 
in  seconds  before  the  server  disconnects  an  inactive  user.  This  ensures  that  all 
connections  are  closed  if  the  HTTP  protocol  fails  to  close  a  connection.  Another  feature 
is  "HTTP  Keep-Alives"  property.  If  we  enable  this  property,  we  allow  a  client  to 
maintain  on  open  connection  with  our  server,  rather  than  re-opening  the  client  connection 
with  each  new  request.  In  case  that  we  decide  to  disable  "Keep-Alives"  we  may  degrade 
our  web  server  performance. 

c.     Advantages 

The  IIS  package  is  designed  to  cover  high  web  traffic  needs  that  PWS  cannot 
meet.  Furthermore,  IIS  provides  to  the  users  not  only  web  server  services,  but  some 
additional  ones  such  as  File  transfer  Protocol  Services  (FTP),  Simple  Mail  Transfer 
Protocol  (SMTP)  services  and  News  Services.  The  5.0  version  provides  the  users  some 
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extra  security  enhancements  such  as  restricting  guest  accounts  and  setting  appropriate  file 
permissions. 

Moreover,  as  we  already  mentioned  in  Chapter  II,  IIS  supports  the  Fortezza 
security  standard).  Transport  Layer  security.  Digest  Authentication  and  Kerberos  v  5.0 
authentication  protocols  used  in  Windows  2000.  Finally.  IIS  v5.0  features  Web  based 
Distributed  Authoring  and  Versioning  (WebDAV),  which  is  a  standard  designed  to 
simplify  the  construction  of  intranets  and  give  the  ability  to  multiple  users  to  publish 
documents  to  a  common  Web  server. 

d.  Limitations 

Some  hardware  limitations  are  the  high  demand  of  RAM  memory  (in  order  to 
work  efficiently  it  needs  at  least  128  MB  and  the  hardware  platform  must  be  at  least  a 
Pentium  200MHZ).  In  our  case,  we  run  the  IIS  server  on  a  200  MHZ  platform  using  only 
82  MB  of  RAM.  In  addition,  the  lack  of  a  Unix  version,  and  documentation  on  the 
newest  features  is  a  serious  problem.  Finally,  IIS  runs  only  on  Server  editions  of 
Windows  2000  and  the  remote  Web-based  administration  still  needs  to  be  improved. 

e.  Web  Server  Management 

In  addition  to  managing  IIS  from  its  own  window,  Windows  2000 
Professional  gives  us  the  ability  to  reach  and  manage  IIS  from  a  remote  location.  From 
Control  panel.  Administrative  Tools  we  can  open  a  Computer  Management  window  and 
have  the  ability  to  control  our  computer  with  IIS  included  (see  Figure  22). 
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Figure  22:  IIS  Control  from  Computer  Management  of  Wm2000 


NAMING  OUR  COMPUTER. 


Naming,  is  giving  a  name  to  the  computer  that  will  host  the  web  server.  After  we 
install  the  web  server  software  in  our  computer,  people  can  access  our  web  server  and 
specifically  our  site.  In  some  instances  providing  access  to  our  site  requires  knowing  our 
computer  IP  address,  rather  than  just  the  computer  s  name.  Every  computer  has  a  name 
and  a  unique  12-digit  IP  address.  The  default  name  for  a  computer  is  usually  'default" 
(unless  we  change  it)  and  in  Windows  2000  Professional  it  can  be  seen  if  we  click  the 
Network  icon  in  Control  Panel  and  select  identification  (see  Figure  23).  In  this  instance 
the  computer  name  is  Pentium200. 
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Figure  23:  Identification  of  a  Computer  in  Windows  2000  Professional 
1.     Providing  a  Web  Site  Domain  Names 

While  an  IP  address  is  something  that  we  cannot  easily  remember,  its  more 
practical  to  have  and  use  a  name  that  can  be  memorized.  For  this  purpose,  we  can  utilize 
a  domain  name  that  identifies  uniquely  a  computer  (or  host)  that  is  connected  on  the 
Internet.  The  domain  name  consists  of  a  actual  domain  and  a  suffix  that  is  a  Top  Level 
Domain  (TLD)  name  (e.g  in  www.mvweb.com  ,  myweb  is  the  actual  domain  and  .com  is 
the  TLD.  More  details  about  TLDs  are  provided  in  Appendix  E.  In  order  to  obtain  a 
unique  domain  name,  we  must  register  it  with  a  company  that  provides  such  services. 
Among  them,  are  Internic  [Ref.14],  Network  solutions,  register.com,  and  NaroeSecure, 
which  with  a  relatively  small  amount  of  money  can  provide  a  registered  unique  domain 
name  for  a  certain  period  of  time.  In  addition  there  are  some  web  sites  that  offer  free 
domain  names  like  www.namezero.net,  under  some  restrictions  of  course. 
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2.     IP  Addresses  of  the  Two  PCs 

Concemms  the  local  IP  address  assisned  to  our  machines,  we  chose  one  of  the 
three  groups  of  IP's  that  are  valid  for  use  on  a  machine  connected  to  a  private  LAN  (that 
won't  collide  with  other  machines).  So.  we  used  Class  C  DP  addresses  (ranging  from 
192.168.0.0  to  192.168.255.255).  The  other  two  Classes  are:  Class  A  (10.0.0.0  to 
10.255.255.255)  and  Class  B  (172.16.0.0  to  172.31.255.255).  Finally,  Pentium200 
machine  IP  address  is  192.168.0.1  and  Pentium233  is  192.168.0.2. 

E.         CREATING  AND  MANAGING  THE  DIRECTORIES  OF  OUR  WEB  SITE 

Files  and  directories  (folders)  that  will  be  publicized  must  be  organized  before  we 
install  the  web  server.  Our  personal  web  server  cannot  publish  pages  that  are  stored 
outside  the  specific  directories  related  with  our  web  site. 

1.  Physical  Directories 

The  directory  structure  that  can  be  seen  by  using  the  Windows  Explorer  is  the 
physical  directory.  In  our  case,  the  files  (web  pages)  of  our  web  site  are  stored  in 
C:\Inetpub\wwwroot  directory. 

2.  Virtual  Directories 

Virtual  directories  are  the  structure  that  reflects  the  web  site.  This  consists  a 
hierarchv  of  virtual  directories.  There  are  three  main  reasons  for  using  the  virtual 
directories  on  web  servers: 
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a.  Make  the  URL  web  pages  shorter  and  easier  to  remember,  because  it 
reduces  the  typing  time.  In  order  to  do  this  the  web  master  can  assign  a  virtual  directory 
name  (or  alias)  to  the  specific  directory.  For  example,  instead  of  typing: 
www.mvnevvs.com/sports/carraces/formulal/Iagunaseca/index.htm  We  can  make  the 
URL  shorter  using  a  virtual  directory  that  takes  us  directly  to  the  web  page  that  we  wish.: 
v\  Avw.mvnews.com/lagunaraces/index.htm 

b.  This  provides  the  computer  with  extra  security,  because  it  hides  the 
physical  directory  structure  on  this  hard  disk  drive,  from  all  the  web  site  visitors. 

c.  Finally,  it  allows  the  Webmaster's  web  site  structure  to  remain 
independent  of  the  directory  structure  on  the  hard  drive.  So,  he  can  move  files  on  the  disk 
between  different  physical  folders  without  having  to  change  the  structure  of  the  web 
pages. 

3.     Publishing  a  Virtual  Directory 

In  order  to  create  virtual  directories,  we  use  the  web  server.  In  addition,  we  can 
specify  the  relationships  between  the  virtual  directory  and  the  physical  directory.  For  this 
purpose,  IIS  have  has  a  very  handy  Wizard  which  is  called  Virtual  Director}'  Creation 
wizard  (see  Figure  24).  After  following  the  directions  in  this  wizard  we  end  up  with  the 
creation  of  a  virtual  directory.  An  example  is  shown  on  Figure  25. 
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Fisure  24:  Virtual  Directory  Creation  Wizard  in  US 
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Figure  25:  Virtual  Directory  (HELLENIC_SITE)  Created  in  US 

Using  PWS  we  have  the  same  ability.  So,  if  we  click  the  Advanced  Options  icon 
(see  Figure  26).  We  can  create  a  virtual  directory.  An  example  is  shown  on  Figure  27. 
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Fisure  26:  Virtual  Directory  Handling  in  PWS 
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Fisure  27:  Virtual  Directory  CGR  Site)  Created  in  PWS 

F.         WEB  BROWSERS 

The  web  browser  in  our  model  plays  the  role  of  the  client.  The  necessary  feature 
in  the  selection  of  a  modem  web  browser  is  to  be  Java  language  capable.  Most  modem 
web  browsers  support  Java.  For  LAN  environments  we  have  to  select  the  same  web 
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browser  for  all  computers.  Doing  this,  we  reduce  the  training  and  support  time  for  the 
users. 

In  our  implementation,  we  used  both.  Netscape  and  Microsoft  Internet  Explorer, 
each  of  which  are  Java  capable  browsers. 

G.    CONSTRUCTING  THE  WEB  SITE  TO  BE  HOSTED  IN  THE  WEB 
SERVER 

1.     Web  Page  Authoring  Tools/  HTML  Editors 

HTML  stands  for  Hypertext  Markup  Language,  which  is  the  source  language  for 
documents  that  used  as  web  pages.  HTML  has  the  ability  to  embed  commands  that 
determine  formatting  along  with  the  text  to  be  displayed  [Ref.  14].  There  are  two  main 
categories  of  HTML  editors.  The  first  category  can  generate  simple  and  raw  HTML 
pages  and  the  second  provides  a  WYSIWYG  (What  You  See  Is  What  You  Get) 
environment.  The  second  category  is  the  one  that  offers  all  the  modem  authoring 
features,  such  as  sophisticated  menus,  automated  wizards  and  macros.  The  interface  of 
WYSIWYG  web  page  tools  is  usually  similar  to  that  of  a  modern  Word  Processor  and  the 
user  does  not  generally  need  to  know  how  HTML  works  in  order  to  use  it. 

For  the  purpose  of  this  thesis,  I  used  Microsoft's  FrontPage  2000,  which  is  a 
WYSIWYG  web-authoring  tool  that  provides  a  friendly,  graphical  interface  for  tasks 
such  as  inserting  tables,  graphics,  and  scripts. 
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2.     Front  Page  Extension  Tools 

The  FrontPage  Server  Extensions  are  a  set  of  three  programs  that  support  features 
such  as  collaborative  authoring,  hit  counters,  e-mail  form  handling,  and  editing  a  Web 
site  directly  on  a  server  computer.  FrontPage  MMC  snap-in  is  a  program  that  you  use  to 
administer  the  FrontPage  Server  Extensions  and  FrontPage-extended  webs.  You  can  use 
it  to  extend  virtual  servers,  create  sub  webs,  upgrade  the  server  extensions  on  a  web, 
convert  folders  into  sub  webs  and  vice  versa  or  recalculate  hyperlinks  in  a  web. 

The  Microsoft  FrontPage  MMC  snap-in  has  a  complete  help  system  providing 
FrontPage  server  extensions  overviews  and  descriptions  of  server  extensions 
administrative  techniques.  [Ref.  15] 


H.        WEB  SITE  PERFORMANCE 

Some  of  the  main  factors  affecting  web  site  performance  are: 

1.  Large  Graphics  Richness.    The  more  graphics  a  web  page  has,  the  more 
time  the  web  browser  needs  to  download  the  page. 

2.  Sound-Video-Animation  Files.    The  rule  of  large  graphics  also  applies  here. 

3.  Network  Connection  Speed.  The  faster  the  network  connection  is  the  faster 
the  web  page  will  appear  on  the  user's  screen. 

In  addition,  the  user's  hardware  configuration,  such  as  processor  and  RAM,  may 
affect  the  final  performance. 
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In  our  application  (the  NPS  Student  Information  web  site),  I  used  only  text  with 
few  images.  The  background  was  almost  white.  No  animation,  video  graphics  or  sound 
files  were  used.  The  connection  speed  was  the  highest  possible,  because  the  two  PC's 
were  interconnected  in  a  LAN. 


I.  WEB  SERVER  SECURITY 

The  most  crucial  chapter  of  the  web  server  construction  is  the  one  that  refers  to 
security  measures.  No  matter  where  we  decide  to  place  our  web  server,  some  security 
measures  must  be  taken  in  order  to  avoid  futures  catastrophes.  The  security  policy  must 
cover  not  only  outside  "enemies"  but  "insiders"  as  well.  Security  mechanisms  that 
protect  the  valuable  data  from  outside  intruders  are  called  firewalls.  A  firewall  is  a 
combination  of  hardware  and  software,  which  sits  between  an  Internal  network  and  the 
Internet.  Its  primary  objective  is  to  limit  the  access  in  and  out  of  our  network,  based  upon 
an  established  security  policy.  Firewalls  can  also  be  used  to  reduce  the  outgoing  traffic  of 
our  network  by  restricting  users  access  to  the  Internet.  The  most  common  categories  of 
firewall  filtering  mechanism  are  the  following  [Ref.16]: 

•  Proxy  Servers. 

•  Packet  Filters 

•  Application  Gateways 

•  Circuit-Level  Gateways 

•  Stateful  Inspection 

The  above  firewalls  use  different  filtering  techniques  in  order  to  achieve  similar 
goals:  the  elimination  of  possible  attacks.  There  are  also  firewalls  that  use  combination  of 
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these  techniques,  which  can  improve  the  security  level.  "Firewall  scanners"  are  tools  that 
allow  you  to  check  your  corporate  network  and  detect  potential  security  holes  in  both  the 
application  and  the  operating  system  levels.  Some  of  the  most  well-known  firewall 
vendors  are  TIS  Gauntlet,  BorderWare,  Raptor,  CvberGuard  and  IBM  Secure  Way. 

J.  INSTALLING  A  PROXY  SERVER 

In  order  to  implement  the  dual  web  server  evaluation  test  while  we  use  one 
Internet  connection  and  two  PCs,  we  had  to  install  a  program  called  proxy  server.  A 
Proxy  server  is  a  program  that  allows  any  machine  on  our  local  network  to  route  its 
requests  through  a  central  machine  that  act  as  a  gateway  to  the  Internet.  In  addition,  it 
offers  some  security  (firewall)  that  protects  the  computers  on  the  LAN  from  outside 
attacks.  In  our  implementation,  we  chose  to  install  a  proxy  server  program  in  the 
Pentium200  PC  in  order  to  share  the  same  Internet  connection  with  the  LAN.  Thus,  using 
only  one  connection  to  the  Internet  with  one  modem  in  the  Pentium200  PC  we  enable 
Internet  access  for  the  Pentium233  PC  and  protection  of  this  PC  as  well. 

We  downloaded  AnalogX  Proxy  v  5.0  from  its  web  site  [Ref.  10].  Its  file  size  is 
very  small  (just  188.1Kbytes).  In  order  to  install  this  proxy  server,  we  run  the 
downloaded  file  on  the  machine  with  the  Internet  connection  and  configure  the  other 
machine  to  use  a  proxy.  The  procedures  of  install  and  configure  take  only  few  minutes 
(see  Figure  28). 
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Fisure  28:  Configuring  the  AnalosX  Proxv  Server 
AnalogX  Protocols 
AnalogX  supports  the  following  protocols: 

HTTP  (for  web  browsers-port  #6588), 

HTTPS  (for  secure  web  browsers-port  #  6588). 

POPS  (for  receiving  mail,  port  #110). 

SMTP  (for  sending  mail  port  #  25)  NNTP  (usenet  newsgroups.  port#l  19). 

FTP  (file  transferring,  port#  21), 

SOCKS4  (TCP  proxying,  port  #  1080), 

SOCKS4a  (TCP  proxying  with  DNS  lookups,  port  #  1080) 

And  partially  (does  not  support  UDP)  Socks5,  port  #  1080) 
Moreover,  AnalogX  works  with  many  web  browsers  like  Internet  Explorer, 
Netscape,  AOL,  AOL  Instant  Messenger  or  Microsoft  Messenger.  We  can  see  if  it  is 
running  by  a  round  shaped  red  or  green  icon  that  appears  at  the  lower  right  part  of  the 
screen  on  the  toolbar  (see  Figure  29). 
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Figure  29:  Indicator  Icon  of  AnalogX  Proxy  Server 
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V.         POST-IMPLEMENTATION  REQUIREMENTS 

Creating  the  web  server  and  its  necessary  components  is  not  the  difficult  part  of 
the  job.  The  remaining  job,  which  is  the  management  and  the  maintenance,  is  the  most 
difficult  and  simultaneously  most  critical.  The  role  of  a  web  manager  proved  to  be  very 
important  and  decisive  for  the  viability  of  the  web  site.  So,  he  or  she  must  be  properly 
qualified  in  order  to  carry  out  his  or  her  mission  successfully.  Required  skills  include 
knowledge  of  management,  statistical  analysis,  business,  computers  science  and 
experience  in  project  management  and  the  Internet. 

Additional  responsibilities  include  defining  server  standards,  monitoring  users, 
training  others  in  web  document  design,  policy  formation  and  enforcement,  and  data 
owner  support  services.  Successful  web  masters  will  bring  a  mix  of  skills  and  talents 
appropriate  to  the  needs  of  the  organization  in  building  effective  web  systems  [Ref.21]. 
Below  are  listed  some  of  the  duties  are  usually  assigned  to  a  web  manager  [Ref.22]: 

Hosting  account  administration 

Disk  space  monitoring  and  management 

CPU  resource  monitoring 

Web  application  performance  monitoring 

Review  of  Web  site  access  statistics 

Installing  software  upgrades 

Domain  name  and  digital  server  certificate  status  monitoring 

Safekeeping  of  digital  certificates  and  private  keys 
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Downloading  and  archiving  log  files 

Policing  of  data  files,  permission  settings,  and  logs 

Periodic  testing  and  preventive  maintenance  of  security  features 

Database  performance  monitoring 

Data  archiving 


After  installation  of  the  web  server  and  the  development  of  the  web  site,  crucial 
questions,  concerning  the  administration  of  our  web  site,  will  arise.  Some  of  them  are 
listed  below: 

A.  HOW  MANY  WEB  SITES  WILL  BE  HOSTED  ON  THIS  SERVER? 

If  we  host  only  one  site  on  our  web  server,  it's  no  problem  to  monitor  or  maintain 
it.  Putting  more  than  one  web  site  on  a  web  server  requires  shared  hosting.  So,  in  a  single 
web  server  computer  it  is  possible  to  host  dozens  or  even  hundreds  of  independent  web 
sites.  In  this  case,  we  must  assign  the  duty  of  their  maintenance  to  more  than  one  person 
since  it's  impossible  for  a  single  person  to  keep  track  of  many  web  sites. 

B.  WHO  WILL  BE  THE  WEB  ADMINISTRATOR.  THE  WEB  MASTER 
AND  THE  ACCOUNT  MANAGER? 

This  will  depend  upon  the  range  of  the  Web  server.  In  a  high-end  web  server  with 

a  high  volume  of  web  traffic,  we  need  highly  experienced  persons  for  each  of  these 

duties.  Of  course  the  more  complex  the  system  the  more  people  will  be  needed  for  the 
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above  positions.  Below  is  a  description  of  each  duty  and  the  qualifications  that  the 
assigned  person  should  have. 

1.  Web  Administrator 

This  is  the  person  that  usually  controls  everything  that  is  involved  in  the  web  jobs 
of  an  organization  or  a  business.  In  large  enterprises  this  may  be  the  Chief  Information 
Officer  (CIO)  of  the  company.  He  or  she  must  be  a  highly  experienced  person  specialized 
in  Information  Technology  (IT)  management. 

2.  Account  manager 

This  person  controls  the  people  who  are  eligible  to  have  access  to  the  web  server 
files.  An  experienced  and  professional  technician,  specialized  in  computers  can  do  this 
job. 

3.  Web  master. 

The  web  master  is  the  person  who  accepts  the  feedback  of  all  the  users  of  the  web 
site  and  evaluates  which  updates  or  improvements  should  be  done  in  the  web  site.  This  is 
a  job  for  a  computer  programmer,  who  knows  html,  web  site  development  tools  and 
Internet  networking  generally. 

C.        WEB  ADMINISTRATOR.  RULES  TO  REMEMBER 

Below  are  listed  some  rules  and  tips  that  a  web  administrator  should  bear  in  mind 
in  order  to  improve  the  quality  of  a  web  site  [Ref.21]: 

1.     Knowledge  of  our  Clients 

The  first  precept  of  building  any  information  system  is  to  know  our  clientele  and 

their  information  needs.  The  knowledge  of  these  needs  aids  us  in  the  improvement  of  our 

services. 
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2.     Boosting  the  Data  Owners 

Those  who  have  responsibility  for  the  content  being  served  on  our  web  server  are 
the  "owners'  of  the  information  and  therefore  should  be  involved  in  how  it  is  presented. 
This  involvement  could  be  as  trivial  as  advising  the  person  who  marks  it  up  in  HTML  or 
as  substantive  as  doing  it  themselves.  Those  falling  into  the  latter  category  should  be 
supported  in  several  ways  such  as: 

a.  Personnel  Training 

Training  is  crucial  in  the  IT  business.  Everybody  who  deals  with  computers 
needs  to  be  up-to-date  in  order  to  take  advantage  of  new  technologies  and  make  best  use 
of  them.  Since,  no  one  is  born  knowing  HTML,  markup  training  is  certainly  a  beginning 
requirement.  But  beyond  that  our  data  owners  may  require  training  in  using  FTP.  format 
conversion  (e.g.,  Adobe  Acrobat  files  (.pdfh  word  processing  to  HTML  conversion 
utilities),  image  acquisition  and  handling  hardware  (e.g..  scanners,  digital  cameras)  and 
respective  software  (e.g.,  Corel  Draw).  Internet  searching  techniques  (e.g.,  search 
engines),  and  effective  use  of  web  browsers. 

b.  Providing  Templates 

Providing  basic  HTML  templates  for  common  structure  types  of  web  pages  is 

a  very  helpful  way  to  save  time  creating  new  files.  The  simplest  way  to  do  this  is  to  write 

an  HTML  'shell"  that  data  owners  can  fill  in  with  their  own  information.  For  some  types 

of  files  that  do  not  require  sophisticated  markup  we  may  want  to  write  a  small  program 

(i.e.  script)  that  will  create  a  web  document  with  the  appropriate  basic  markup  for  our 

server  simply  by  filling  in  a  few  blanks  on  a  form.  This  method  can  be  particularly 

important  to  allow  those  who  do  not  have  the  time  or  capacity  to  leam  HTML  to 

contribute  information  to  our  web  server. 

50 


c.  Sharing  Information 

Chances  are  we  do  more  HTML  as  a  web  manager  than  anyone  else  in  our 
organization.  Therefore  we  have  likely  learned  a  few  things  along  the  way.  Share  those 
tips  and  tricks  with  our  data  owners.  Another  idea  is  to  create  a  mailing  list  of  our  data 
owners  so  that  sharing  information  with  them  as  a  group  could  be  an  easy  job. 

d.  Providing  Assistance 

Although  we  may  not  have  the  time  to  hold  everyone's  hand,  sometimes  there 
is  simply  no  substitute  for  sitting  down  with  someone  and  showing  him  or  her  how  to  do 
something  or  even  doing  it  for  them  while  they  are  there  to  tell  us  how  they  want  it. 

3.  Formulation  of  Policies 

Sooner  or  later  we  will  need  to  write  policies  that  govern  appropriate  uses  of  our 
web  server.  With  a  written  policy  that  has  been  reviewed  by  appropriate  groups  within 
your  organization,  we  will  be  authorized  to  refuse  requests  that  fall  outside  of  this  policy. 

4.  Enforcement  of  Standards 

Maintaining  a  web  server  without  setting  and  enforcing  some  standards  could  lead 

to  disaster.  If  we  allow  our  data  owners  to  do  anvthins  thev  like  thev  often  will,  and  this 

will  lead  to  "web  disorder".  We  must  determine  the  essential  limits  on  creativity  to 

protect  usability  and  user  friendliness  and  stick  to  them.  On  the  other  hand,  we  must  be 

careful  not  to  set  limits  when  none  need  exist.  So,  a  good  policy  is  to  reevaluate  our 

standards  periodically.  If  they  are  too  strict,  we  should  loosen  them  up.  If  we  are  facing 

problems  where  no  standards  exist  or  where  they  are  too  loose,  then  it's  time  to  be  more 

strict. 
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5.  Encouragement  of  Creativity 

Within  the  framework  provided  to  the  data  owners,  we  can  promote  and 
encourage  the  creativity.  The  issue  is  to  keep  a  reasonable  balance.  One  way  in  which 
this  can  be  done  is  to  specify  the  presence  of  some  simple  graphic  element  or  text  that 
will  place  the  page  in  context  (such  as  a  button  bar  that  identifies  the  institution)  and 
leave  the  rest  to  be  filled  in  by  the  data  owner.  In  addition,  when  we  encourage  creativity 
it  is  possible  that  those  who  are  the  most  creative  set  examples  that  inspire  and  challenge 
the  others.  Applying  this  method  can  be  a  much  more  effective  motivation  than 
mandating  participation. 

6.  User  Monitoring 

It  is  usual  for  the  majority  of  web  servers  to  keep  statistics  on  client  requests. 
Logs  include  data  that  specifies  the  type  of  client  software  used,  the  kinds  of  errors  they 
are  experiencing,  and  what  pages  they  are  looking  at.  All  of  these  logs  are  typically 
available  in  a  specific  directory. 

7.  Studying  the  Competition 

A  good  web  manager  should  be  on  the  web  as  much  as  possible  every  day.  The 
purpose  is  to  see  what  others  are  doing  and  how  they  are  doing  it,  and  to  get  new  graphic 
design  ideas.  Doing  so,  we  can  decide  what  we  don't  like  by  seeing  the  mistakes  of 
others. 
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8.  Checking  the  Links 

A  common  problem  that  all  web  managers  face,  is  keeping  the  links  on  their 
server  updated.  Documents  are  moved  every  day,  thereby  making  links  that  lead  users 
nowhere.  It  is  the  responsibility  of  the  web  managers  to  help  his  data  owners  identify 
these  links  so  they  can  be  fixed. 

9.  Striving  for  the  Best 

No  matter  how  good  we  are  doing  as  web  managers,  there  is  always  room  for 
improvement.  Below  are  some  ways  that  we  can  be  sure  we  are  doing  as  well  as  possible, 
since  they  tend  to  be  things  that  are  overlooked  by  many  web  managers: 
a.     Error  Message  Replacement  page 

Most  web  server  error  messages  are  cryptic  at  best  and  user  hostile  at  worst. 
The  default  "file  not  found"  error  message  is  a  nice  example  (see  Figure  30). 
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Figure  30:  Default  Screen  for  a  "404  Not  Found"  error 
This  error  message  tells  the  user  nothing  about  finding  the  page  they  are  looking 
for.  Using  the  built-in  ability  of  most  web  servers,  we  can  replace  the  standard  error 
messages  with  something  that  is  more  useful  and  descriptive  (see  Figure  31). 
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Figure  31:  Screen  of  a  replacement  error  message  for  a  "404  Not  Found"  error  [Ref.21]. 

b.     Referrals 

One  of  the  most  direct  ways  to  prevent  users  from  losing  our  information 
when  we  move  some  pages  is  to  create  a  new  page  pointing  to  the  new  location.  On  such 
a  page  we  will  typically  request  that  the  user  update  any  bookmarks  or  links  that  they 
have  to  the  old  location  (see  Figure  32). 
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Figure  32.  Screen  of  a  Referral  to  a  New  Web  Address  [Ref.2T 


54 


c.     Redirecting  a  Web  Page  Address 

Redirection  is  the  procedure  whereby  we  can  specify  the  new  location  of  a 
document  behind  the  scenes.  Then,  when  a  user  requests  the  document  at  the  old  location 
they  are  automatically  redirected  to  the  new  location.  Doing  this  we  avoid  the  appearance 
of  "404  File  Not  Found"  error  message  as  well  as  the  need  to  put  up  an  explicit  referral. 

10.        Question  Everything 

It  is  all  too  easv  to  assume  that  our  first  decisions  on  the  design  of  our  server  are 
the  best.  So,  we  should  periodically  question  all  of  our  decisions  and  search  if  there  is  a 
better  way  to  organize  our  information  or  design  a  particular  page.  We  also  have  to  ask 
for  critical  evaluations  from  our  users  and  other  staff  in  our  organization. 

Finally,  we  have  to  look  critically  at  each  web  page  for  accuracy,  usability,  good 
visual  design,  and  proper  display  in  different  browsers. 

D.         MAINTENANCE 

1.  Backup 

A  frequent  backup  and  an  installed  UPS  can  provide  us  with  a  high  level  of 
assurance  against  any  accidental  loss  of  data. 

2.  Troubleshooting 

A  FAQ  can  be  installed  and  utilized  each  time  someone  needs  assistance 
resolving  possible  problems  that  may  occur. 
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E.  WEB  SITE  ADMINISTRATIVE  TOOLS 

Large  scale  or  mission-critical  websites  usually  require  some  automated  tools  to 
optimize  performance  and  provide  effective  management.  These  tools  are  software 
programs  that  can  help  us  to  manage  and  maintain  a  web  site.  There  are  four  main 
categories  of  web  management  tools  [Ref.23]: 

1.  Web  Site  Change  and  Configuration  Management  Tools. 

2.  Web  Site  Integrity  and  Accuracy  Tools. 

3.  Tools  that  Gather  Analyze  the  Traffic  and  Usage  Patterns. 

4.  Tools  that  Help  Examine  and  Manage  Web  Site  Content. 

F.  AN  EXAMPLE  OF  WEB  SITE  CHANGE  MANAGEMENT  PROGRAM 

[Ref.24] 

1.     Description 

Stage2Live  is  a  web  site  change  management  program.  It  assists  with  incremental 
site  updates  by  copying  and  recording  files  that  have  changed  on  our  web  servers.  A  site 
rebuild  feature  lets  us  restore  our  web  site  to  any  earlier  version  that  was  placed  into  the 
library.  A  complete  Version  3.2  can  be  downloaded  for  free  from  the  Internet. 

All  monitored  files  are  synchronized  into  a  system  library,  where  we  can  later 
examine  and/or  restore  multiple  revisions  of  the  same  file.  This  is  an  excellent  method  for 
keeping  a  historical  reference  of  our  web  site. 

Stage2Live  can  be  used  to  create  an  automated  one-to-manv  or  manv-to-many  site 

release  strategy  for  html,  asp,  text,  graphic,  and  other  web  files.  The  program  also 
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supports  FTP  uploads  to  your  destination  sites.  Restore  previous  versions  of  the  files  on 
our  web  site. 

2.     Prerequisites 

In  order  to  run  Stage2Live  with  Windows  9x/NT/2000,  we  must  have  Microsoft 
Access  97  or  2000  installed  in  our  computer. 

Below  are  some  snapshots  of  the  Stage2Live  program  (see  Figures  33-34). 
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Figure  34:  Log  Historv  of  our  Web  Site  using  Stage2Live  Program 
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Figure  35.  Web  Pages  or  Files  that  Added.  Changed  Or  Deleted  Using  Stage2Live 

Program 

G.        FINALS  NOTES  ABOUT  WEB  MANAGEMENT 

A  good  manager  must  always  be  proactive  and  prevent  problems  before  they 
arise.  This  is  the  best  policy  to  implement  in  order  for  an  organization  or  a  business  to  run 
effectively. 
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VI.       CONCLUSIONS  AND  RECOMENDATIONS 

A.        CONCLUSIONS 

1.  Topology 

In  chapter  IV,  we  noticed  that  each  LAN  configuration  has  cons  and  pros.  If  we 
want  functionality  and  simplicity,  we  should  place  our  web  server  out  side  of  a  LAN  or  a 
firewall.  In  the  case  that  our  server  provides  confidential  or  restricted  information  and  we 
need  increased  security,  we  have  to  be  oriented  to  the  firewall  and  proxy  solutions. 

2.  Security  Issues 

The  Internet  has  never  been  a  secure  place  nor  will  it  be  in  the  near  future. 
Problems  with  possible  hackers  will  continue  to  exist  and  as  people  become  more 
educated  especially  in  the  technical  fields  the  number  of  "intruders"  will  continue  to  rise. 
The  remedy  for  this  situation  is  to  design  more  secure  systems  that  will  prevent  possible 
attacks.  In  addition,  web  server  administrators  have  to  check  and  to  restrict  the 
publication  of  any  kind  of  information  such  as  names,  addresses,  phone  numbers,  credit 
card  and  social  security  numbers  of  individuals  that  will  be  utilized  by  possible  hackers 
for  frauds  or  any  other  criminal  actions. 

Finally,  because  a  system  will  never  become  100%  secure,  we  must  be  sure  when 
we  are  requested  to  send  any  sensitive  information  via  the  Internet.  For  this  reason,  the 
Security  Information  alert  window  can  provide  a  warning  message,  if  we  requested  a 
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secure  document  or  if  we  are  going  to  submit  any  kind  of  information  via  our  web 
browser  (See  figures  36  and  37). 
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Figure  36: 
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Figure  37:  Security  Information  Alert  Window  about  Insecure  Site 
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The  use  of  a  proxy  server  proved  very  valuable,  because  it  can  filter  whatever  we 
chose  to  prohibit  from  our  computer.  Moreover,  it  was  very  easy  to  use  and  didn't 
consume  a  lot  of  resources. 

3.  Personal  Web  Server 

PWS  proved  to  be  a  very  handy  and  useful  web  server.  Regardless  of  its  limited 
capacity.  PWS  has  handling  capabilities  that  some  of  the  high-end  counterparts  have. 
Using  the  main  menu  you  can  monitor  many  activities  such  as  the  number  of  active 
connections,  the  visitors,  the  requests  and  the  even  the  number  of  bytes  served,  You  can 
also  view  some  statistics  in  a  graphical  mode  (bar  charts)  such  as  the  requests  per  day  or 
per  hour,  or  the  visitors  per  day  or  per  hour. 

4.  Internet  Information  Services  Web  Server 

Using  IIS  under  Windows  2000  Professional,  and  utilizing  ASP  technology, 
increased  security  is  possible,  because  Windows  2000  authentication  can  be  used.  With 
only  82  MB  RAM,  instead  of  the  best-suggested  128  MB,  we  encountered  no  problems, 
probably  because  the  web  traffic  was  just  one  client  (the  Pentium  233  PC).  However,  we 
cannot  estimate  the  efficiency  of  our  web  server  in  a  high  traffic  situation,  since  it  wasn't 
possible  to  check  it  in  such  conditions.  In  addition,  the  operation  of  TLS  compared  with 
PWS  is  more  complex,  because  of  its  additional  capabilities  and  it  should  be  administered 
by  an  expert. 
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5.     Access  Control 

One  of  the  problems  that  we  faced  during  the  implementation  phase  was  the 
configuration  of  the  Ethernet  cards  that  this  small  LAN  used.  In  order  to  make  them 
work,  we  decided  to  swap  the  two  cards  and  install  the  necessary  drivers  from  the  start. 
Another  issue  was  the  increased  security  that  Windows  2000  Professional  provides 
(comparing  with  the  Win95.)  So,  every  time  that  we  tried  to  connect  the  Win95  PC  with 
the  Win2000  PC.  we  were  asked  for  a  valid  password  (See  Figure  38). 


name  and  P 


Enter  username  for  1 921 68.0.1  at  1 921 68.0.1 : 


User  Name: 
Password: 


OK 


Cancel 


Fiaure  38:  Username  and  Password  Check  for  a  LAN 


'c 


While  logged  in  Win95  PC  (in  our  case  in  Pentium233hmz  PC)  as  a  *'userX" 
using  as  a  password  "passwordY",  in  order  to  be  connected  to  the  Win2000  PC  (in  our 
case  Pentium200  PC),  userX  must  have  an  established  account  on  the  Windows  2000 
server.  We  overcame  this  obstacle  by  opening  a  new  account  in  Win2000  PC  that  was 
identical  to  the  Win95  PC  one. 

6.     Web  Site  Performance 

When  the  client  requested  web  pages  from  the  web  server,  the  server  responded 
instantly.  And  that's  because  the  connection  speed  between  the  two  PC's  was  the  highest 
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possible  due  to  the  fact  that  the  two  PC's  were  interconnected  in  a  LAN  and  there  was  no 
other  network  traffic  to  interfere. 


Both  Netscape  and  Microsoft  Internet  Explorer  proved  to  be  very  efficient  as  web 
clients.  Netscape  has  proved  more  practical  especially  concerning  the  issue  of  handling 
the  e-mailing,  because  a  separate  program  is  not  required  to  see  your  e-mail,  like 
Microsoft  Outlook. 

The  use  of  Microsoft  FrontPage  2000  as  a  web  site  development  tool  was  proved 
very  efficient  and  easy  to  use.  It  is  a  very  capable  tool  for  the  novice  and  intermediate 
level  web  developers.  Restricting  the  use  of  graphics  proved  to  be  very  efficient  in 
reducing  the  downloading  time. 

7.     Web  Site  Security 
a.     In  Web  Server 

Since  we  experimented  with  unclassified  subjects,  we  were  not  obliged  to  use 
any  kind  of  security  measures,  such  as  encryption  or  security  certificate)  in  order  to 
protect  our  web  site.  But  for  practice  purposes  we  activated  SSL,  which  can  give  us  a 
kind  of  security,  provided  that  we  activated  SSL  feature  also  in  FrontPage,  in  the  Web 
browsers,  and  web  servers  (See  Figure  39). 
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Figure  39:  SSL  Setting  In  IIS  Web  Server 

b.     FrontPage  2000 

FrontPage  provides  administrative  tools  that  let  us  set  permissions  and  limit 

access  to  our  web  site.  FrontPage  security  is  based  on  the  security  mechanism  used  by  the 
Web  server  and  its  operating  system.  In  FrontPage  we  can  specify  the  type  of  access  that 
each  user  has.  Users  can  have  one  of  the  following  types  of  permission  [Ref.19]: 

•  Browse  —  the  user  can  browse  the  files  in  the  web. 

•  Author  —  the  user  can  browse  and  change  the  files  in  a  web. 

•  Administer  —  the  user  can  browse  and  change  the  files  in  the  web, 
and  can  also  administer  the  web  by  adding  and  removing  users.  On 
systems  running  IIS.  FrontPage  grants  administrator  access  by  default 
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to  all  members  of  the  Windows  NT  Administrators  group  and  the 


svstem  account. 


c.     Web  Browsers 


From  the  web  browser  point  of  view  specifically  IE  5.0  provides  us  with  two 
different  types  of  security  certificates  [Ref.20]: 

(1)  A  "personal  certificate"  is  a  kind  of  guarantee  that  you  are  who 
you  say  you  are.  This  information  is  used  when  you  send  personal  information  over  the 
Internet  to  a  Web  site  that  requires  a  certificate  verifying  your  identity. 

(2)  A  "Web  site  certificate"  states  that  a  specific  Web  site  is  secure 
and  genuine.  It  ensures  that  no  other  Web  site  can  assume  the  identity  of  the  original 
secure  site. 

Netscape  4.77  provides  various  types  of  security  settings  two  different  types  of 
certificates,  from  the  most  simple  to  the  most  advanced  SSL  v3  (See  Figure  40). 
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Figure  40:  Encryption  Setting  In  Netscape  Navigator  v4.77 
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The  Internet  is  a  place  that  everyone  can  do  almost  what  ever  he  or  she  wishes. 
The  possibility  of  "cyber  anarchy"  with  no  restrictions  at  all  is  very  high.  The  positive  of 
this  situation  is  that  knowledge  and  information  is  freely  distributed  all  over  the  world 
and  the  Internet  is  a  rapidly  evolving  entity.  Every  day  a  lot  of  web  business  companies 
offer  free  Internet  connection,  free  web  space  to  host  your  web  site  and  even  DNS. 
Offering  these  free  services,  the  companies  advertise  their  products,  and  utilize  your  mail 
or  e-mail  address  in  order  to  promote  their  products.  This  situation  gives  e-commerce  a 
tremendous  boost  and  the  traditional  way  of  buying  things  tends  to  be  changed  in  the  near 
future.  The  negative  side  of  this  story  is  that  crime  is  also  distributed  freely  via  the 
Internet  and  it  is  very  difficult  to  stop. 

Web  server  technology  helps  the  situation.  Big  corporations  with  high  web  traffic 
can  use  high-end  hardware  and  high-end  web  servers  and  improve  their  business.  Small 
web  servers  running  on  popular  operating  systems  installed  on  affordable  hardware 
platforms  are  designed  in  such  way  that  almost  everybody  can  utilize  them.  In 
conclusion,  almost  everybody  can  obtain  and  run  a  web  server  and  publicize  his  or  her 
web  site  to  the  Internet. 

B.        RECOMMENDATIONS 

For  the  small  businesses  with  low  traffic  or  for  home  web  servers.  Microsoft's 
Personal  web  server  proved  very  efficient.  Since,  PWS  has  limited  capabilities  it's  ideal 
for  testing  our  web  site  inside  a  relatively  small  Intranet,  before  we  publish  our  pages  on 
the  Internet. 
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By  monitoring  traffic  on  our  web  sites  using  the  log  capabilities,  we  can  see  if  the 
traffic  is  getting  higher.  This  may  give  us  an  indication  that  we  need  a  software  upgrade, 
or  both  in  order  to  effectively  handle  the  increased  traffic. 

If  we  stay  in  Windows  OS  and  especially  Win  NT  or  Win2000,  one  of  the  best 
solutions  would  be  Internet  Information  Services  v5.0,  which  is  the  second  most  popular 
web  server  in  the  world  market  following  Apache  server  (see  Appendix  F  for  more 
details).  In  addition,  there  are  other  editions  of  Win2000.  like  Windows2000  Server  or 
Advanced  Server  that  cover  the  needs  of  very  large  enterprises,  but  is  relatively 
expensive. 

If  the  operating  system  does  not  meet  our  needs  and  we  intend  to  switch  to  UNIX- 
LINUX  like  machines,  we  have  to  consider  seriously  using  the  most  popular  freeware 
web  server,  which  is  the  Apache  server.  Of  course  in  this  case,  we  have  to  take  under 
consideration  the  acquisition  cost  of  the  necessary  hardware  that  may  be  higher  than  the 
PC/NT  platforms. 

Software  scientists  are  continuouslv  working  to  construct  web  servers  that  will 
run  faster,  provide  higher  security,  have  a  better  interface  and  will  be  easy  to  handle. 
Nowadays  there  is  tendency  to  the  freeware  and  this  is  one  of  the  reasons  that  has  made 
the  Apache  web  server  so  popular  (it  currently  claims  the  60%  of  the  installed  web 
servers  worldwide).  If  this  trend  persists,  in  few  years  we  may  see  that  the  majority  of  the 
servers  (web  servers  included)  in  use  are  based  on  open  source  software. 
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Both  Internet  Explorer  5.0  and  Netscape  Communicator  4.77  proved  very  efficient 
web  browsers.  So.  ultimately  the  decision  boils  down  to  personal  choice.  Concerning  the 
web  site  development  tool,  FrontPage  2000  proved  a  very  handy  program  with  many 
capabilities  for  novice  and  intermediate  developers.  Finally.  I  think  that  the  combination 
of  the  IIS  as  a  webs  server,  FrontPage  as  the  developer  tool  and  the  IE  5.0  as  a  web 
browser  could  be  one  of  the  best  choices  that  someone  could  have  in  order  to  set  up, 
operate  and  maintain  a  professional  looking  web  site. 
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APPENDIX  A 

Naval  Postgraduate  School  Campus  Web  Servers  in  Operation 

(http://adpsec.nps.nuvv.mil/webservers.htm) 


S/N 

Server  Name 

VLAN  Support 

Platform/OS 

Web  Server 

1 

web.nps.navy.mil 

Extranet/05 

Sun/Solaris 

Apache 

2 

hopper.nps.navy.mil 

Extranet/05 

Sun/Solaris 

Apache 

3 

itwarrior.nps.navy.mil 

Extranet/05 

PC/NT 

IIS 

4 

bulkhead.nps.navy.mil 

Extranet/05 

PC/NT 

ns 

5 

wildcat.nps.navy.mil 

Extranet/05 

PC/NT 

IIS 

6 

spitfire.nps.navy.mil 

Extranet/ 10 

PC/NT 

IIS 

7 

data.lib.nps.navy.mil 

Extranet/ 13 

PC/NT 

IIS 

8 

marines.nps.navy.mil 

Extranet/37 

PC/NT 

IIS 

9 

research.nps.navy.mil 

Extranet/AA 

N/A 

N/A 

10 

aa.nps.navy.mil 

Extranet/ AA 

N/A 

N/A 

11 

luqipc.cs.nps.navy.mil 

Extranet/CS 

PC/Win95 

Ms  PWS 

12 

caps.nps.navy.mil 

Extranet/CS 

Sun/SunOS 

Netscape 

13 

cisr.nps.navy.mil 

Extranet/CS 

SGI/IRIX 

Netscape 

14 

interact.nps.navy.mil 

Extranet/CS 

SGI/IRIX 

Netscape 

15 

moves.nps.navy.mil 

Extranet/CS 

SGI/IRIX 

Netscape 

16 

npsnet.nps.navy.mil 

Extranet/CS 

SGI/IRIX 

Netscape 

17 

cs.nps.navy.mil 

Extranet/CS 

Sun/SunOS 

Netscape 

18 

iscas.nps.navy.mil 

Extranet/EC 

PC/NT 

Ms  PWS 

19 

fear.nps.navy.mil 

Extranet/EC 

SGLTRIX 

Netscape 
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S/N 

Server  Name 

VLAN  Support 

Platform/OS 

Web  Server 

20 

pc427b3.ece.nps.navy.mil 

Extranet/EC 

PC/NT 

Netscape 

21 

oapiweb01.nps.navy.mil 

Extranet/OI 

PC/XT 

IIS 

22 

OAPIWEBD1 

Extranet/OI 

PC/NT 

IIS 

23 

Oapiwebdl.nps.navy.mil 

Extranet/OI 

PC/NT 

IIS 

24 

Ideatest.nps.navy.mil 
131.120..70.121 

Extranet/OI 

PC/NT 

IIS 

25 

ldeatest.nps.navy.mil 
131.120..70.122 

Extranet/OI 

PC/NT 

ns 

26 

jvle.nps.navy.mil 

Extranet/OI 

PC/NT 

ns 

27 

diana.or.nps.navy.mil 

Extranet/OR 

Linux 

Apache 

28 

spica.or.nps.navy.mil 

Extranet/OR 

MAC/MacOS 

Apache 

29 

magog.sm.nps.navy.mil 

Extranet/SM 

PC/NT 

IIS 

30 

wings.sm.nps.navy.mil 

Extranet/SM 

PC/NT 

Apache 

31 

satcom.sp.nps.navy.mil 

Extranet/SP 

PC/Linux 

Apache 

32 

gs-control. sp.nps.navy.mil 

Extranet/SP 

PC/Linux 

Apache 

33 

sp.nps.navy.mil 

Extranet/SP 

PC/Linux 

Apache 

34 

devo.stl.nps.navy.mil 

Extranet/STL 

SGI/IRIX 

Apache 

35 

compaq204.trac.nps.navy. 
mil 

Extranet/TRAC 

PC/NT 

IIS 

36 

dellsvr.trac.nps.navy.mil 

Extranet/Trac 

PC/NT 

Apache 

37 

met.nps.navy.mil 

Intranet/MR 

SGI/IRIX 

Apache 

38 

ptsur.nps.navy.mil 

Unknown 

SGI/IRIX 

Apache 
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usw.nps.navy.mil  Unknown  SGI/IRIX  \  Apache 


40.     |  Metncssrv.nps.navy.mil       i  DNA  ,  PC/NT  j  US 
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APPENDIX  B 
Web  Server  Baseline  Assessment 

The  following  data  was  collected  from  a  survey  of  operational  web  servers  at  the 
Naval  Postgraduate  School: 

A.  GENERAL  INFORMATION 

1.  NPS  has  40  web  servers  installed.  45  %  of  them  use  Win  NT,  22.5%  use 
SGI/IRIX  and  7.5  %  PC/LINUX.  The  rest  use  Sun/Solaris,  Sun/Sun  OS.  Linux, 
Mac/MacOS,  PC/Win  95  and  3  of  40  provided  no  data. 

2.  A  break  down  of  web  servers  shows  35%  use  Microsoft  IIS  web  server, 
32.5%  use  open  source  Apache  web  server,  20%  Netscape,  5%  use  MS  PWS  and  7.5 
provided  no  data. 

B.  WEB  SERVER  AVAILABLE  SOFTWARE 

1.  Apache  web  server  (for  Sun-Linux  -IREX  platforms  mainly). 

2.  Windows  HS  (for  NT/PC). 

3.  Netscape  web  server  (for  SGI/IRIX  mainly). 

C.  HARDWARE  PLATFORMS 

1.  Unix/SUN  like  platform. 

2.  PC  like  platform. 

3.  Macintosh  platform. 
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D.  SECURITY  CONCERNS 

1 .  Proxy  servers. 

2.  Gateways  (Bastion). 

3.  Windows  NT  security  features. 

4.  Routers. 

E.  WEB  SITE  DEVELOPMENT  SOFTWARE  TOOLS  AVAILABLE 

1 .  Microsoft  Front  Page  for  Windows. 

2.  Netscape  Composer. 

3.  Adobe  Pagemil  (old  version). 

4.  HoTMetal. 

5.  Macromedia  Dreamweaver. 

6.  Net  objects  Fusion  version  4.0  or  5.0  and  Team  Fusion  Client  2000. 

F.  PROTOCOLS  USED 

1.  HTTP. 

2.  FTP. 

3.  TCP/IP. 

G.  CONCLUSION 

I  think  that  a  PC/NT  platform  and  Microsoft  IIS  as  web  server  S/W  would  be  the 
best  solution,  because  it  is  more  user-friendly  and  NPS  is  already  licensed  to  use  it. 
Furthermore  it  is  easier  to  maintain.  Microsoft  Personal  Web  Server  that  runs  on 

"4 


Windows  9x  or  2000  Professional  edition  would  also  be  good  choice.  For  web  page 
construction  Microsoft  FrontPage  2000  would  be  a  good  choice,  because  it  is  more  user 
friendly  and  has  more  capabilities  compared  with  other  editors. 
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APPENDIX  C 

Suggested  Configuration  (Optimal)  for  a  Web  Server  that  Uses  PC/Windows 

9x-XT-2000  Platform. 


I  consider  that  the  following  requirements  would  be  the  most  appropriate  to 
implement  a  suitable  web  server: 
A.        PHYSICAL  WEB  SERVER  REQUIREMENTS 

1 .  Type  of  server:  PC -based 

2.  Server  station  internal  architectural  characteristics 

a.  Motherboard:  Any  motherboard  that  supports  Intel  Pentium  II  or  III  CPU 

b.  Microprocessor:  Pentium  II  or  III  /450  -  700  MHz 

c.  RAM:  At  least  128  MB  SDRAM  DIMM/PC  100  MHz  expandable  at 
least  up  to  256  MB. 

d.  Ports:  At  least  1  serial,  1  parallel  free  port. 

3.  Number  of  expansion  slots:  At  least  4  empty  PCI  expansion  slots. 

4.  Type  of  Network  Interface  Card  (NIC):   10  Base  T  /100  Mbps  Ethernet. 

5.  Permanent  Storage  Devices:  Hard  disk  drive  at  least  12  GB  Ultra  DMA  at 
5400  RPM  or  higher. 

6.  Removable  Storage  media:  FDD,  Zip  drive  at  least  100  MB,  CD-ROM  device 
at  least  40  X  speed. 

7.  Backup  Unit:  Tape  streamer  or  CD-RW  unit. 

8.  Video  Graphics  card:  S-VGA  with  at  least  4MB  memory. 

9.  Case:  ATX  case  with  at  least  6  bays  and  power  supply  >  200  Watts. 

10.  Monitor:  At  least  15"  color  monitor  with  dot  pitch  at  most  .27mm  and  at  least 
1024  X  768  pixels  maximum  resolution. 

1 1 .  UPS:  any  system  that  supports  at  least  600  KVA  power  devices 
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B.  NETWORK  REQUIREMENTS 

Since,  it  will  be  installed  in  a  Personal  computer  that  is  a  stand  alone  one,  no 
firewall  required.  In  addition,  there  is  no  need  for  transaction  or  message  servers.  Of 
course  there  are  other  alternatives  for  the  web  server  connectivity  that  could  be 
considered,  with  respective  pros  and  cons. 

C.  Communication  Protocol  Requirements 

TCP/IP 

D.  Software  requirements 

1.  Windows  Personal  Web  Server  or  Windows  NT/IIS 

2.  Microsoft  Front  Page  2000  or  Net  Objects  Fusion  5.0 

3.  Windows  2000  Professional  would  be  the  optimal  solution  with  Windows  9x 
or  NT  (in  the  case  that  we  will  implement  the  IIS  web  server) 
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APPENDIX  D 


Main  Pages  of  the  NPS  Student  Information  Center  Web  Site 
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Figure  41:  Main  Welcome  Page  of  the  NPS  Student  Information  Center  Web  Site 
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Figure  42:  English  Main  Page  of  the  NPS  Student  Information  Center  Web  Site 
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Figure  43:  Greek  Main  Pase  of  the  NPS  Student  Information  Center  Web  Site 
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APPENDIX  E 
List  of  Generic  Top  level  Domains  (gTLD) 

For  commercial  business 

For  government  organizations 

For  military  organizations 

For  educational  institutions 

For  non-profit  organisations 

For  arts  or  culture-oriented  organizations 

For  information  services 

For  computer  networks 

For  individuals 

For  online  merchants 


.rec  For  recreation  or  entertainment  resource 


.web 


For  web-oriented  organizations 


The  first  five  TLD  that  listed  above,  established  and  used  ,  while  the  rest  remain 
inactive.  There  are  also  other  TLDs  that  identify  each  different  country  that  the  web  site 
belongs,  like  .uk  for  United  Kingdom,  .gr  for  Greece  or  .de  for  Germany.  In  addition. 
there  are  combinations  like  .uk.com. 

The  responsible  organization  for  defining  TLDs  is  ICANN  (Internet  Corporation 
for  Assigned  Names  and  Numbers).  ICANN  is  a  non-profit  corporation  that  was  formed 
to  oversee  IP  address  space  allocation,  protocol  parameter  assignment,  domain  name 
system  management,  and  root  server  system  management  functions  previously  performed 

S! 


under  U.S.  Government  contract  bv  IANA  and  other  entities.  The  last  meeting  of 
ICANN  was  held  in  16  July  2000  in  Yokohama-Japan.  In  1  November  2000,  the  ICANN 
will  announce  their  decision  about  the  new  top-level  domains.  [Ref.  11] 
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APPENDIX  F 

Netcraft  Web  Server  Survey 

The  latest  Netcraft  Web  Server  Survey  was  held  in  the  July  2000  and  received 
responses  from  18,169,498  sites.  The  following  graphs  depict  the  market  share  of  various 
web  servers.  [Ref.18] 


Hpache:  62.53% 
Hicrosoft-IIS:  28.36% 
Other:  8.65% 

Netscape-Enterprise:  6.74% 
Rapidsite:  1.72% 


Figure  44:  Web  Server  Count  by  Sites 
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Microsoft-IIS:  26.84% 
Other:  8.97% 

Netscape-Enterprise:  2.61% 
Rapidsite:  2.82% 


Figure  45:  Web  server  Count  bv  Active  Sites 
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Figure  46:  Market  Share  for  Top  Servers  Across  All  Domains  August  1995  -  July  2000 
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GLOSSARY  OF  TERMS  AND  ACRONYMS 

ADMD:  Administration  Management  Domain 

CCITT:  Consultative  Committee  for  International  Telegraphy  and  Telephony 

DSL:  Digital  Subscriber  Line 

FAQ:  Frequently  Asked  Questions 

FTP:  File  Transfer  Protocol 

GIF:  Graphics  Interchange  Format 

HTML:  Hypertext  Mark-up  Language 

HTTP:  Hypertext  Transfer  Protocol 

HTTPS:  Hypertext  Transfer  Protocol  Secure 

IE  5.0:  Internet  Explorer  version  5.0 

IIS:  Internet  Information  Services 

ISP:  Internet  Service  Provider 

IT:  Information  Technology 

JPEG:  Joint  Photographic  Experts  Group 

MHS:  Message  Handling  System 

NTFS:  Network  File  System 

NNTP:  News  Network  Transfer  Protocol 

PWS:  Personal  Web  Server 

PNG:  Portable  Network  Graphics.  A  recently  invented  graphics  format  that  can  be 

10  to  30%  more  compressed  than  in  a  GIF  format. 
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SSL:  Secure  Socket  Layer  is  a  protocol,  which  is  used  to  transmit  encrypted  data 

between  a  client  and  a  server. 

TCP/IP:      Transaction  Control  Protocol/Internet  Protocol 

UDP:  User  Datagram  Protocol,  which  is  the  TCP/IP  protocol  that  provides 

application  programs  with  connectionless  communication  service. 

URL:  Unified  Resource  Locator,  which  consists  of  three  parts:  the  protocol,  the 

domain  name  and  the  path. 

WYSIWYG:  What  You  See  Is  What  You  Get.  This  function  of  a  program  describes  that 

what  you  see  in  your  monitor  is  what  you'll  finally  have  printed  in  your  hard  copy. 
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